It may be prudent to use extra protection on certain ebuilds in standard Gentoo profiles where the changes would be significant in the case of a security fault in the program. Such programs as daemons and chmod()+s programs would be major targets for this sort of thing.

The most immediately apparent route to take would be to have ebuilds such as openssh, apache, and su stack smash protected. This would prevent common buffer overflow attacks from being used to compromise security; such attacks would only cause the program attacked to abort, which could still be used as a Denial of Service attack, but would not allow successful intrusion.

Gentoo ships gcc with stack smash protection built in. This is activated by -fstack-protector or -fstack-protector-all. It would be feasible to add one of these flags to an ebuild based on a FEATURES or USE setting.

I believe it would be a good idea to have such a FEATURES or USE flag on by default in all profiles where SSP is supported. In this manner, the major targets of security attacks would automatically be protected; while still allowing the user to disable the protection if the user desires. Users wanting more protection can simply add -fstack-protector to CFLAGS, or use Hardened Gentoo.

Any comments? Would this be more suitable as a USE or a FEATURES setting?

- -- All content of all messages exchanged herein are left in the Public Domain, unless otherwise explicitly stated.